cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

CMMC "Voluntary" compliance

Jeremy Wood
Iron Contributor

‎Aug 25 2020 09:08 AM

‎Aug 25 2020 09:08 AM

CMMC "Voluntary" compliance

All agencies are required to comply with CMMC, not just DoD, so I am trying to figure out how that works if we are in the base GCC cloud versus High or DoD. What tools do we have to help ensure compliance in GCC G3 and/or G5?

769 Views
1 Like
1 Reply
Reply
1 Reply
best response confirmed by Sarah.Gilbert (Community Manager)
RichardWakeman

‎Aug 25 2020 12:34 PM

‎Aug 25 2020 12:34 PM

Solution

Re: CMMC "Voluntary" compliance

@Jeremy Wood There are 2 primary topics that come to mind.  First, is coverage for CUI that contains ITAR and requires DFARS 7012.  I lay out the argument here:  https://aka.ms/CUISovereignty

 

If you keep GCC, you will need compensating controls in place to protect CUI.  

 

The other topic, is the pairing with Azure for IaaS & PaaS services, such as Windows Virtual Desktop and Sentinel.  The natural pairing for GCC is Azure Commercial.  To get coverage for Gov compliance requirements, you will want to use Azure Government (in another tenant).  That has a whole host of challenges straddling tenants.  Alternatively, GCC High is naturally paired with Azure Government in a single tenant.

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Sarah.Gilbert (Community Manager)
RichardWakeman

‎Aug 25 2020 12:34 PM

‎Aug 25 2020 12:34 PM

Solution

Re: CMMC "Voluntary" compliance

@Jeremy Wood There are 2 primary topics that come to mind.  First, is coverage for CUI that contains ITAR and requires DFARS 7012.  I lay out the argument here:  https://aka.ms/CUISovereignty

 

If you keep GCC, you will need compensating controls in place to protect CUI.  

 

The other topic, is the pairing with Azure for IaaS & PaaS services, such as Windows Virtual Desktop and Sentinel.  The natural pairing for GCC is Azure Commercial.  To get coverage for Gov compliance requirements, you will want to use Azure Government (in another tenant).  That has a whole host of challenges straddling tenants.  Alternatively, GCC High is naturally paired with Azure Government in a single tenant.

View solution in original post

1 Like
Reply